Description

A buffer overflow in the Java Runtime Environment image handling code wasfound. If an attacker could induce a server application to process aspecially crafted image file, the attacker could potentially cause adenial-of-service or execute arbitrary code as the user running the JavaVirtual Machine. (CVE-2007-2788, CVE-2007-2789)

A denial of service flaw was found in the way the JSSE component processedSSL/TLS handshake requests. A remote attacker able to connect to a JSSEenabled service could send a specially crafted handshake which would causethe Java Runtime Environment to stop responding to future requests.(CVE-2007-3698)

A flaw was found in the way the Java Runtime Environment processed fontdata. An applet viewed via the "appletviewer" application could elevate itsprivileges, allowing the applet to perform actions with the samepermissions as the user running the "appletviewer" application. The sameflaw could, potentially, crash a server application which processeduntrusted font information from a third party. (CVE-2007-4381)

A flaw in the applet caching mechanism of the Java Runtime Environment(JRE) did not correctly process the creation of network connections. Aremote attacker could use this flaw to create connections to services onmachines other than the one that the applet was downloaded from.(CVE-2007-5232)

Untrusted Java Applets were able to drag and drop files to a desktopapplication. A user-assisted remote attacker could use this flaw to move orcopy arbitrary files. (CVE-2007-5239)

The Java Runtime Environment (JRE) allowed untrusted Java Applets orapplications to display over-sized windows. This could be used by remoteattackers to hide security warning banners. (CVE-2007-5240)

Unsigned Java Applets communicating via a HTTP proxy could allow a remoteattacker to violate the Java security model. A cached, malicious Appletcould create network connections to services on other machines.(CVE-2007-5273)

Please note: the vulnerabilities noted above concerned with applets canonly be triggered in java-1.4.2-bea by calling the "appletviewer"application.

All users of java-1.4.2-bea should upgrade to these updated packages, whichcontain the BEA WebLogic JRockit 1.4.2_16 release which resolves theseissues.

Solution

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available athttp://kbase.redhat.com/faq/FAQ_58_10188